Re: [OAUTH-WG] 2 Leg with OAuth 2.0
Eran Hammer-Lahav <eran@hueniverse.com> Tue, 29 November 2011 20:38 UTC
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 160451F0CDA for <oauth@ietfa.amsl.com>; Tue, 29 Nov 2011 12:38:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level:
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nx+uGA9joAW7 for <oauth@ietfa.amsl.com>; Tue, 29 Nov 2011 12:38:29 -0800 (PST)
Received: from p3plex1out02.prod.phx3.secureserver.net (p3plex1out02.prod.phx3.secureserver.net [72.167.180.18]) by ietfa.amsl.com (Postfix) with SMTP id 6F1B91F0C84 for <oauth@ietf.org>; Tue, 29 Nov 2011 12:38:29 -0800 (PST)
Received: (qmail 4997 invoked from network); 29 Nov 2011 20:38:28 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.21) by p3plex1out02.prod.phx3.secureserver.net with SMTP; 29 Nov 2011 20:38:28 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.19]) by P3PW5EX1HT003.EX1.SECURESERVER.NET ([72.167.180.21]) with mapi; Tue, 29 Nov 2011 13:38:22 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Brian Hawkins <brian@lingotek.com>, "oauth@ietf.org" <oauth@ietf.org>
Date: Tue, 29 Nov 2011 13:38:17 -0700
Thread-Topic: [OAUTH-WG] 2 Leg with OAuth 2.0
Thread-Index: Acyu1ZBEiSiJVmm1SLurJ2pJcptthwAASXcA
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723452856C6DD1@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <CAK04b078ohKScZWEd-fJpiO73GFP-fOd+Lu8su-_nZs_KrKgbg@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E723452856C6DBE@P3PW5EX1MB01.EX1.SECURESERVER.NET> <CAK04b06gNf5Qe3ndagzCM6C36v52p2NGCteD=AdMktSoCDgawA@mail.gmail.com>
In-Reply-To: <CAK04b06gNf5Qe3ndagzCM6C36v52p2NGCteD=AdMktSoCDgawA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_90C41DD21FB7C64BB94121FBBC2E723452856C6DD1P3PW5EX1MB01E_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2011 20:38:32 -0000
Both MAC and Bearer work in this setup, just think of them as HMAC-SHA-1 and PLAINTEXT in OAuth 1.0. In Bearer, your token is the client secret and in MAC, the client secret is the key. EHL From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Brian Hawkins Sent: Tuesday, November 29, 2011 12:28 PM To: oauth@ietf.org Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0 Maybe I'm making this harder then it should be. Here is the situation: Site A and B both trust each other. Site A needs to update user information at site B. With OAuth 1.0 Site A would use it's consumer key and secret to sign the update call to Site B (no access token involved). Only one message is sent. The closest I can come to the above with OAuth 2.0 is to use the MAC token scheme and sign the request with the consumer secret. Is that valid? I kind of get the idea that the protocol doesn't care. It feels like the bearer scheme just doesn't work for what I'm trying to do. Thanks Brian On Tue, Nov 29, 2011 at 1:06 PM, Eran Hammer-Lahav <eran@hueniverse.com<mailto:eran@hueniverse.com>> wrote: This functionality can be implemented in two main ways: 1. Using the client credentials flow to get an access token, then using the protocol as usual 2. Just using the Bearer (over SSL) or MAC token schemes without the rest of OAuth EHL From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org>] On Behalf Of Brian Hawkins Sent: Tuesday, November 29, 2011 11:49 AM To: oauth@ietf.org<mailto:oauth@ietf.org> Subject: [OAUTH-WG] 2 Leg with OAuth 2.0 I'm having trouble finding information on how to do 2leg authentication with OAuth 2.0. Does it even support it? Thanks Brian
- [OAUTH-WG] 2 Leg with OAuth 2.0 Brian Hawkins
- Re: [OAUTH-WG] 2 Leg with OAuth 2.0 Peter Saint-Andre
- Re: [OAUTH-WG] 2 Leg with OAuth 2.0 Phil Hunt
- Re: [OAUTH-WG] 2 Leg with OAuth 2.0 Eran Hammer-Lahav
- Re: [OAUTH-WG] 2 Leg with OAuth 2.0 Brian Campbell
- Re: [OAUTH-WG] 2 Leg with OAuth 2.0 Brian Hawkins
- Re: [OAUTH-WG] 2 Leg with OAuth 2.0 Eran Hammer-Lahav
- Re: [OAUTH-WG] 2 Leg with OAuth 2.0 William Mills
- Re: [OAUTH-WG] 2 Leg with OAuth 2.0 William Mills